On 24/11/2021 08:06, Mark Thomas wrote:
On 23/11/2021 20:42, Michael B Allen wrote:
On Tue, Nov 23, 2021 at 2:59 PM Thomas Hoffmann (Speed4Trade GmbH)
<thomas.hoffm...@speed4trade.com.invalid> wrote:

Short Addendum:

The "destroyed" flag gets set when the dispose method of the GSSCredentialImpl was invoked. Currently, I have no clue when and how it happens, but I have seen this problem every few months. So it is only occurring sometimes. Maybe if the Kerberos ticket expires and the HTTP session is still alive (?)

Nevertheless, the application should be able to recover from this situation and handle it like "not authenticated".

So as suspected it may actually be an invalid credential that maybe
Tomcat had a hand in. If Tomcat disposed the credential and then
subsequently tried to use it for any reason, that would be "invalid".
So that might warrant investigation before submitting a bug report.

That might be possible.

Tomcat calls dispose when the user explicitly logs out or the session expires. The OP is using http2 so parallel requests are likely.

I'll look into this some more.

It looks like concurrent requests for an expired session will trigger this. Avoiding the IllegalStateException would require adding synchronization to Request.getUserPrincipal(). Given that the issue occurs once every few months, my preference is to catch the ISE rather than avoid it, since avoiding it has a (small) impact on every request.

I've checked and multiple calls to dispose() are safe so the current approach appears to be sound. I'll add some comments to the code for future maintainers.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
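
The race discussed in this thread, as an added example that is not part of the original messages and is not Tomcat's code: request threads read a credential without locking while a session-expiry thread disposes it, and the resulting IllegalStateException is caught and reported as "not authenticated". `StubCredential`, `userPrincipalOrNull` and the principal name are hypothetical stand-ins; the stub only mimics the "destroyed" flag behaviour described above.

```java
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.atomic.AtomicInteger;

public class DisposedCredentialRace {
    // Hypothetical stand-in for a GSS credential: once dispose() has run,
    // any further use throws IllegalStateException (the "destroyed" flag).
    static final class StubCredential {
        private volatile boolean destroyed;
        void dispose() { destroyed = true; }           // safe to call more than once
        int getRemainingLifetime() {
            if (destroyed) throw new IllegalStateException("credential disposed");
            return 300;                                 // constructed value, in seconds
        }
    }

    // Hypothetical request-side lookup: no lock on the hot path; a credential
    // disposed by a concurrent session expiry yields null ("not authenticated").
    static String userPrincipalOrNull(StubCredential cred, String name) {
        try {
            return cred.getRemainingLifetime() > 0 ? name : null;
        } catch (IllegalStateException e) {
            return null;
        }
    }

    public static void main(String[] args) throws InterruptedException {
        StubCredential cred = new StubCredential();
        CountDownLatch start = new CountDownLatch(1);
        AtomicInteger authenticated = new AtomicInteger();
        AtomicInteger anonymous = new AtomicInteger();
        Thread[] requests = new Thread[8];              // parallel requests on one session
        for (int i = 0; i < requests.length; i++) {
            requests[i] = new Thread(() -> {
                try { start.await(); } catch (InterruptedException e) { return; }
                for (int n = 0; n < 100_000; n++) {
                    if (userPrincipalOrNull(cred, "user@EXAMPLE.ORG") != null) authenticated.incrementAndGet();
                    else anonymous.incrementAndGet();
                }
            });
            requests[i].start();
        }
        // Session expiry disposes the credential, twice to show repeat calls are harmless.
        Thread expiry = new Thread(() -> { cred.dispose(); cred.dispose(); });
        start.countDown();
        expiry.start();
        for (Thread t : requests) t.join();
        expiry.join();
        System.out.println("authenticated=" + authenticated + " anonymous=" + anonymous);
    }
}
```

The split between the two counters varies from run to run; no exception escapes a request thread, and no request pays for a lock.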
